View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004010||unreal||ircd||public||2011-03-14 13:19||2013-05-06 07:13|
|Target Version||Fixed in Version||3.4-alpha1|
|Summary||0004010: Listen block "hidden" option.|
|Description||Simple suggestion for a listen block option called "hidden" to allow users to use /stats P but still keep some ports hidden from them without blocking /stats P entirely. Of course opers would still be able to see hidden ports too.|
|Tags||No tags attached.|
|3rd party modules|
What's the point in hiding ports? Clients are either allowed to use them or they aren't.
I can see hiding ports if you could specify how many users can connect to a port and have a reserved port for opers and hide it from non-opers, but you can't so i see no point in it.
1> user can connect to the port thus it should be visible.
2> user can't because it's for servers, set it to serversonly.
3> You don't want users or servers on the port, then why have it open?
Quite simply put because many Admins disable /stats p to stop users seeing server only ports and as a side effect stops users seeing which ports are available to them. The proposal for a hidden flag is so said Admins can hide server ports without preventing users from listing ports that are available.
So at present it's only an all or nothing approach. Where as with the hidden flag it gives an Admin the flxibility to hide only selected ports.
||I understand, but still fail to see the harm in users seeing ports they cant use. My questions were simply out of curiosity. However, I haven't any objection to the feature either.|
Perhaps we should just make the stats output hide server ports all the time?
Clients should never need to know (or have access to) server ports, since that's one step closer to being able to hack in a link or spoof another server during a netsplit.
Admins need to see server and client ports to insure they are actually bound and which options are on the ports ssl, zip .. etc.
A simple portscan is all it takes, so hiding ports doesn't sound too useful...
Still, we could go for Stealth's idea, but only for non-opers:
Hide non-client ports to regular users, but do show them to ircops.
Then, if you still want to hide (regular) client ports in /stats P, then you could just block it and mention the 'OK ports' in your MOTD instead.
|2011-03-14 13:19||Jobe1986||New Issue|
|2011-04-12 06:04||katsklaw||Note Added: 0016647|
|2011-04-12 06:05||katsklaw||Note Edited: 0016647||View Revisions|
|2011-04-12 06:11||katsklaw||Note Edited: 0016647||View Revisions|
|2011-04-12 06:12||katsklaw||Note Edited: 0016647||View Revisions|
|2011-04-13 09:08||Jobe1986||Note Added: 0016648|
|2011-04-14 02:30||katsklaw||Note Added: 0016649|
|2011-09-11 01:29||Stealth||Note Added: 0016748|
|2011-09-11 02:10||katsklaw||Note Added: 0016749|
|2011-09-11 02:10||katsklaw||Note Edited: 0016749||View Revisions|
|2012-12-15 20:50||syzop||Note Added: 0017266|
||Note Added: 0017496|
||Status||new => resolved|
||Fixed in Version||=> 3.4-alpha1|
||Resolution||open => fixed|
||Assigned To||=> nenolod|